Virtumonde removal can be successfully accomplished via the following steps below. Please note that this fix only works on Windows XP. NEVER RUN COMBOFIX ON WINDOWS VISTA!!!
Warning: The fix below is a manual process and should only be attempted by professional anti-malware techs.
If you want to remove any variant of Virtumonde automatically AND prevent new infections pick up a copy of
Spyware Doctor with AntiVirus
Manual Steps for Windows XP
1. Download the latest version of combofix from here.
2. Save combofix in the root of your c: drive ( c:\combofix.exe)
3. Reboot the pc in safemode (edit* 4/22/08 – ComboFix may not work in safemode on some computers. If ComboFix does not work for you in safe mode I would suggest that you run malwarebytes’ anti-malware in safemode…it removed Virtumonde without a problem).
4. Login and Run ComboFix.
5. Follow the on screen prompts to clean your pc.
{ 23 comments… read them below or add one }
Worked perfectly. Cleaned up my computer after several other products couldn’t.
THANKS
Good, I’m glad it worked for ya. You can also use VundoFix or Spyware Doctor with Antivirus.
Thanks for this, got rid of virtumonde very well
Outstanding performance on your part!
Thank you very much.
As easy as falling off a log.
Beautiful product. worked perfectly. thanks
I purchased spyware doctor with anti-virus last night because I have fought a virtumonde infection since last friday. It didn’t work. Hands down this was the program suggested by everyone. I am still having problems with pop-ups, random strings, changed desktop and blue screen of death screen saver. Any one have any suggestions? I’ve lost track of the stuff I have tried.
Yes. In that case you’ll need to build a bootable antivirus disc. Please follow the instructions here:
http://remove-malware.com/how-to-make-a-bootable-antivirus-disc/
Once you have the disk build boot from it and perform a full avira scan.
Worked for me as well. Thank you very much!
Just an FYI for all of you out there. Combofix is good stuff but if you have data you do not want to loose you should do a full backup first. This tool has been none to wreak havick on rare ocations.
vundofix.exe and Spybot Search and Destroy are also great free programs to check out for Virtumonde.
Lastely nothing beats real paid for software. If you had it in the first place you would not of been infected. I’m not recommending any paid software here because I don’t want to be seen as trying to spam. Almost all free anti-virus and anti-spyware programs out there do not provide the active protection that you need.
Combofix worked to get rid of Virtumonde after a day of using other methods which did not work. Hope it works for others. The only thing it didn’t clean up (and this may have been caused by another malware since a number were installed at once on my commputer from an infected .exe file that I stupidly ran) is that my legal copy of XP can’t be verified by Microsoft now (doesn’t say it’s illegal, just that it can’t be verified)and I can’t download updates. Fortunatley I’ve got up through SP3 so I guess I’ll have to live without any more updates.
This is great! Cleaned my system after trying others.
BINGO! Worked for me and I didn’t even have to boot up in Safe Mode. All the other solutions were so difficult and some were just non-sensical like delete the following 75 files. This is so simple, just run it.
THANK YOU!!!!!!!!!!!!!!!!!!!!!!!!
Thanx alot.. I think it worked.. still keeping fingers crossed but so far so good.
Thanks it work
but can i delete now “Qoobox” folder that ComboFix did? along with quarantine files ?
This program worked GREAT! I downloaded several programs including Spybot and PC Tools. Neither of which could get rid of these files. Scans on several virus programs did not detect anything, but I was still getting pop ups and system crashes.
After running combofix, everything works perfect once again and I am very thankful. I work on my computer all day long and am fairly tech savy. This virus was very tricky and extremely difficult to remove until I ran combofix. GREAT program!
I just ran this program and it is AWESOME! I can’t believe how quick and easily it removed virtumonde! HIGHLY RECOMMEND!!!
I just run this program without having it on safe mode (since i can’t do that on my work computer) and it works but the scanning takes a while. All in all, it’s worth it since it removed virtumonde.
Previously, i run spy bot. It can detected it and deleted it. But it was not actually deleted, they are still there. With combofix, it fixed everything.
THANK YOU!!! HANDS DOWN
Dude, I had Virtumonde before & I tried EVERYTHING & nothing worked. I tried installing Combofix before (from a USB) but the Virtumonde was so bad it didn’t even let me load it. I ended up reformatting my whole entire computer. THIS time around, the Virtumonde virus wasn’t AS bad & I took advice from all these comments & tried it out (without going into safe mode)& IT GOT RID OF IT
I’m so happy! Haha, THANKS A PLENTY. I sound like a nerd.
Success!
(1) Norton didnt detect or remove Virtumonde
(2) Spybot found Virtumonde, but it kept returning at re-boot
SYMPTOMS of virtumonde:
-Launching IE, peskey adds keep returning and
-convincing authentic-looking scan warnings keep popping up
-internet (dialup) connection keeps launching by itself
SOLUTION:
(3) combofix.exe ELIMINATED Virtumonde !!!!!!
yippee!!!
Note: It created “Qoobox” folder on the root of C: where quarantine and documentation are located for viewing pleasure; A very, very nice touch for documenting.
KUDOS
I shall return to remove-malware.com
Thx
this worked perfectly!!
tried to remobe a particular stubborn mutant of virtumond in the last few days using S&D. got it down from 15 infections to 3 with S&D but these three remained. With combofix however these three were also removed. BEAUTIFUL!!!!
Thank you, combofix works without running in safe mode.
s&d has find virtumonde, but not destroy it.
thanks again.
its fake not working to me
combofix its just hiding those annoying thing but not totally removing it, hate it…